Fix WPA/WPA2 AP rejection on parameter mismatch

If WPA/WPA2 was enabled in the configuration, the non-WPA exception
could allow an incorrect AP to be selected from scan results. Do
not use the exception if WPA/WPA2 is enabled in configuration.

diff --git a/wpa_supplicant/events.c b/wpa_supplicant/events.c
index 41c5534..f94fc64 100644 (file)
--- a/wpa_supplicant/events.c
+++ b/wpa_supplicant/events.c
@@ -435,8 +435,15 @@ static int wpa_supplicant_ssid_bss_match(struct wpa_supplicant *wpa_s,
                return 0;
        }
 
-       /* Allow in non-WPA configuration */
-       return 1;
+       if (!wpa_key_mgmt_wpa(ssid->key_mgmt)) {
+               wpa_dbg(wpa_s, MSG_DEBUG, "   allow in non-WPA/WPA2");
+               return 1;
+       }
+
+       wpa_dbg(wpa_s, MSG_DEBUG, "   reject due to mismatch with "
+               "WPA/WPA2");
+
+       return 0;
 }